The UK Plows Ahead in Implementing PSD2 Compliant Open Banking

On Monday, October 9, Lendit Europe, the event gathering 1000+ representatives of the international fintech and lending scene on the banks of the River Thames, opened with a presentation by Imran Gulamhuseinwala OBE, Global Head of FinTech at consultancy firm EY, who spoke about “The Open Banking Revolution.” He delivered the message that the open banking revolution is in the making at global level and, most importantly, that the UK can lead in making it a reality. Paradoxically, the UK will probably be ahead of the European Union (EU), that it is scheduled to leave, in implementing the EU’s Payment Service Directive (PSD2), one of the major advances towards open banking.

Imran Gulamhuseinwala spoke as the Trustee of the Open Banking Implementation Entity(OBIE).The OBIE is a government-sponsored organization that was created following a two-year review of the UK current account market by the Competition and Markets Authority (CMA). Among several remedies to enhance competition, the review proposed to set up the OBIE to drive the opening of the banking market. Concretely, the OBIE is tasked to deliver the application programming interface (API), data structures and security architectures that will enable consumers and SMEs to share their banking information with third parties and initiate third party payments from their bank account, in accordance with the EU’s Payment Service Directive (PSD2).

The OBIE is a private body whose governance and budget are determined by the CMA. It is funded by the UK’s nine largest current account providers and overseen by the CMA, the Financial Conduct Authority (FCA) and Her Majesty’s Treasury. The nine UK banks mandated by the CMA are the Allied Irish Bank, Bank of Ireland, Barclays, Danske, HSBC, Lloyds Banking Group, Nationwide, RBS Group, Santander. The OBIE is also working with consumer organizations, challenger banks such as ATOM and fintech third parties. Together the financial institutions that are part of the OBIE represent 90% of the UK consumer banking market.

The technical API standards promoted by the OBIE will be ready for UK banks and fintechs to adopt as soon as PSD2 comes into force in January 2018. By contrast, in the rest of the EU, the European Banking Authority and the European Commission will issue technical standards only by mid-2019, leaving banks and fintechs to experiment with different solutions and resolve issues such as the dispute over screenscraping.

A Consumer Need and a Major Innovation Opportunity

For Imran Gulamhuseinwala, open banking is an inescapable global trend. In some countries, the change is driven by data providers. In others, it is a voluntary change driven by banks. But in most countries such as India, China or the countries of the EU, the change is driven by the regulators who wants to open the competition among banks and between banks and fintechs by forcing them to share customer information using secure APIs.

Open banking is a revolution in that reverses the established view of financial data ownership:

“Consumers’ financial data belongs to consumers, not to the bank. If consumers want to give access to their data to third parties, they have the right to do so,” said Imran Gulamhuseinwala.

Consent and control: Open banking gives consumers control over their financial data. No movement of their data can happen without their expressed consent.

Choice: Consumers are given the right to move their data from one supplier to another, which gives them more choices, and should ultimately enable them to make more out of their money.

Security: consumers can initiate payment transactions and move their data across financial services in a fully secured setting.

As an architect of open banking, Imran Gulamhuseinwala made a point of presenting open banking not only as a customer benefit, but also as an opportunity for banks and fintechs:

“Open banking has the potential to bring creativity in financial services to new levels not seen so far,” he added.

These opportunities may, however, sound to many banks as threats. Indeed, open banking is bound to:

Enhance digitization: Banks are not as efficiently interconnected as they claim. Unlike other sectors’, such as travel, their interconnections are full of frictions that hamper real-time transactions. Open banking’s APIs standards will help remove some of these frictions and stimulate innovation, such as the digitization of collaterals.

Level the playing field: By promoting standards, open banking levels the playing field, not only for fintechs, but also for more new entrants into banking, such as merchants and telecom providers.

The UK moves ahead of the EU with technology standards

The OBIE’s proposed implementation of PSD2 follows four principles:

Customers must give express consent before any communication of their data.

At any time, customers can review all the consents they have given on a dashboard.

The technical API standards adopted in the UK follows a secure redirection model using Mutual TLS, OAuth 2.0 and Open ID Connect. Customers will not have to share their user name and passwords as they are redirected. This is considered critical both for security reasons and to avoid repeated logins that put off customers.

All participants in the OBIE scheme, including third party Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISP) must be fully regulated and registered with the OBIE – which is not the case in the EU implementation of the PSD2 directive.

The agenda followed by OBIE is designed to meet the PSD2 deadlines:

March 1st 2017:the first set of standards were released.

July to August 2017: the standards for read-write that enable open banking payment in the Open Banking Security Profile were released.

October 2017: Enrollment of new financial institutions into the OBIE scheme starts.

January 13th: OBIE meets the deadline for the coming into force of the PSD2.

A Call To Action

The standards implemented by January are considered as only a first version, subject to improvement.More companies, in particular third party account information service providers and third party payment initiation service providers must join the program, build new applications and create new experiences to put the OBIE’s specifications to the test.

“Get yourself authorized, for example as an AISP, enroll into the OBIE and get access to 90% of the UK market,” Imran Gulamhuseinwala concluded.

Later in the days several speakers took up the open banking theme again:

“A fintech may not by itself be a viable alternative to established banks, but as an ecosystem in an open banking environment, it is much better positioned. Open banking has an enormous potential, but it also presents enormous challenges for traditional banks, technically and culturally,” said Anne Boden, the CEO of challenger bank Starling Bank.

Therese Torris, PhD, is a Senior Contributing Editor to Crowdfund Insider. She is an entrepreneur and consultant in eFinance and eCommerce based in Paris. She has covered crowdfunding and P2P lending since the early days when Zopa was created in the United Kingdom. She was a director of research and consulting at Gartner Group Europe, Senior VP at Forrester Research and Content VP at Twenga. She publishes a French personal finance blog, Le Blog Finance Pratique.